A few weeks ago, whilst applying the latest security patches for Magento, I ran into a problem in our build pipeline. The patches could be applied locally without any issues, but in our build pipeline applying the patches failed.
A few days ago Jordi announced the first dev build of Composer 2.0. I immediately went and downloaded it. Since version 2.x should be a lot faster, I thought it is a good idea to test it against a current Magento 2 project I am working on. I was a bit disappointed first because Composer failed with quite a few errors like that:
Sometimes you run into this situation when a git pull will respond with
Merge conflict in config.php. How to solve this issue in a proper way? Let's have a look how other people solve similar issues, namely my friend Mr. Rafael Dohms. Quite a while ago he blogged about a similar problem on how to solve conflicts in Composer's lock file. This is what I learned from his blog post:
This blog post has been sitting on my desk for quite a while but due to a lot of work in the last weeks I was not able to finish it earlier. Luckily, I found some time during my travels to finish the blog post and share my findings on the "require-dev gone wrong!" problem. While some people thought the former blog post was mostly click bait or proposed a "fix" which does not actually solve the general problem, I actually got a lot of good feedback on twitter. Even an issue for Composer was created to discuss the problem even though it was closed by now.
For a long time, I have been advocating to make use of require-dev to install development tools locally. We use this on a daily basis to install tools like Phing, PHPUnit or phpDocumentor locally for each of our (customer) projects. Given that our focus is on custom projects, this absolutely makes sense. I do not want our projects to use an old version of a given tool or update all our projects constantly to use the latest version of all the tools involved. In addition to that, a simple composer.phar install in the project root should be sufficient to install all dependencies required to build and run the project.
In my recent attempt to migrate away from our Jenkins infrastructure to the new GitLab CI Runner infrastructure I ran into a problem: Since we want to use Docker images for the GitLab CI builds I struggled a bit on how pass the authentication information for Satis and GitLab into the docker images. Since the base images - basic PHP setup - should be used for our projects I did not want to share the access credentials in the different base images. Gitlab's secret variables sounded like a good idea but unfortunately they need to be defined for each and every project. Currently we have more than 250 projects in our GitLab instance, configuring secret variables for all the projects would have been a big pain.
Last week I gave my Composer for corporate use presentation at the code.talks 15 conference im Hamburg. In the section of my talk where I highlight how to work on multiple packages the same time (e.g. two applications sharing the same core functionality) I pointed to the audience to path repository feature of Composer. Unfortunately right after my session I began to realize that this is indeed the best feature we have out there when it comes to working on multiple packages the same time and to avoid the Satis or ToranProxy round trip. This is how it works: Add the following lines to your root composer.json file:
Am Montag den 09.03.2015 trifft sich zum ersten Mal die ZürichPHP Usergroup. Ich werde dort meinen Votrag "Composer for Corporate Use" halten und darstellen warum es Sinn macht Composer einzusetzen und wie man Composer konkret im Projektkontext einsetzen kann.
Recently we converted one of project to use Vagrant Rsync Folders instead of the default VirtualBox shared folder setup. After running the vagrant rsync-auto command for a while we realized that the symlinks in Composers ./vendor/bin/ where replaced with the content of the previously symlinked files. This made the commands unusable.